Call authorization and verification via a service provider code

ABSTRACT

One example method of operation may include receiving a call message associated with a call, determining a service provider network identifier based on a telephone number of a call origination device, identifying, from the call message, an identity header with a link to a public certificate repository storing a public certificate assigned to a service provider network hosting the call origination device, retrieving a service provider code assigned to the service provider network from the public certificate, and determining whether the service provider code matches the service provider network identifier as identified from a verification table.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.17/475,257, filed on Sep. 14, 2021, which is a continuation of U.S.patent application Ser. No. 16/732,272, filed on Dec. 31, 2019, now U.S.Pat. No. 11,122,032, issued on Sep. 14, 2021, the entire disclosure ofwhich is incorporated by reference herein.

TECHNICAL FIELD OF THE APPLICATION

This application relates to call number verification, and morespecifically to call authorization and verification via a serviceprovider code.

BACKGROUND OF THE APPLICATION

Conventionally, mobile device users receive calls from undesired sourcesevery day and sometimes several times an hour depending on theparticular day. The source numbers which are used to dial the users maybe local numbers, long-distance numbers, anonymous numbers, spoofednumbers, etc. The calls may be spam calls, scam calls, robocalls, etc.

Validation of calls to identify which calls are legitimate is part ofthe scam call management process. For example, call originationvalidation is one approach to identifying whether a call should berouted, answered, blocked, etc. Current approaches to validating callsmay require a number of burdensome operations and may not be performedfast enough to maintain a real-time scam call management solution.

SUMMARY OF THE APPLICATION

Example embodiments of the present application provide at least a methodthat includes at least one of receiving a call message associated with acall, determining a service provider network identifier based on atelephone number of a call origination device, identifying, from thecall message, an identity header comprising a link to a publiccertificate repository storing a public certificate assigned to aservice provider network hosting the call origination device, retrievinga service provider code assigned to the service provider network fromthe public certificate, and determining whether the service providercode matches the service provider network identifier as identified froma verification table.

Another example embodiment may include an apparatus that includes areceiver configured to receive a call message associated with a call, aprocessor configured to determine a service provider network identifierbased on a telephone number of a call origination device, identify, fromthe call message, an identity header comprising a link to a publiccertificate repository storing a public certificate assigned to aservice provider network hosting the call origination device, retrieve aservice provider code assigned to the service provider network from thepublic certificate, and determine whether the service provider codematches the service provider network identifier as identified from averification table.

Still another example embodiment may include a non-transitory computerreadable storage medium configured to store instructions that whenexecuted cause a processor to perform receiving a call messageassociated with a call, determining a service provider networkidentifier based on a telephone number of a call origination device,identifying, from the call message, an identity header comprising a linkto a public certificate repository storing a public certificate assignedto a service provider network hosting the call origination device,retrieving a service provider code assigned to the service providernetwork from the public certificate, and determining whether the serviceprovider code matches the service provider network identifier asidentified from a verification table.

Still yet another example embodiment may include a method that includesone or more of extracting a calling device telephone number from areceived call message, querying a verification table for the callingdevice telephone number, identifying the calling device telephone numberand a corresponding service provider network identifier from theverification table, querying a mapping table for the service providernetwork identifier, and identifying whether a match between the serviceprovider network identifier and a service provider code exists as anentry in the mapping table.

Still yet another example embodiment may include an apparatus thatincludes a processor configured to perform one or more of extract acalling device telephone number from a received call message, query averification table for the calling device telephone number, identify thecalling device telephone number and a corresponding service providernetwork identifier from the verification table, query a mapping tablefor the service provider network identifier, and identify whether amatch between the service provider network identifier and a serviceprovider code exists as an entry in the mapping table.

Still yet a further example embodiment may include a non-transitorycomputer readable storage medium configured to store instructions thatwhen executed cause a processor to perform extracting a calling devicetelephone number from a received call message, querying a verificationtable for the calling device telephone number, identifying the callingdevice telephone number and a corresponding service provider networkidentifier from the verification table, querying a mapping table for theservice provider network identifier, and identifying whether a matchbetween the service provider network identifier and a service providercode exists as an entry in the mapping table.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example network configuration of a call processingnetwork for calling and called parties according to example embodiments.

FIG. 2 illustrates the call network configuration with the carriernetworks identified according to example embodiments.

FIG. 3 illustrates calling party number and network identifieridentification procedure according to example embodiments.

FIG. 4 illustrates a network identifier and service provider codematching procedure according to example embodiments.

FIG. 5 illustrates a service provider code mismatch procedure accordingto example embodiments.

FIG. 6 illustrates a network identifier mismatch procedure according toexample embodiments.

FIG. 7 illustrates a system configuration of a call being placed andauthorized by a call network configuration with an authorization listverification according to example embodiments.

FIG. 8A illustrates a logic flow diagram of a call verificationprocedure according to example embodiments.

FIG. 8B illustrates a logic flow diagram of a call verificationprocedure according to example embodiments.

FIG. 9 illustrates an example network entity device configured to storeinstructions, software, and corresponding hardware for executing thesame, according to example embodiments of the present application.

DETAILED DESCRIPTION OF THE APPLICATION

It will be readily understood that the components of the presentapplication, as generally described and illustrated in the figuresherein, may be arranged and designed in a wide variety of differentconfigurations. Thus, the following detailed description of theembodiments of a method, apparatus, and system, as represented in theattached figures, is not intended to limit the scope of the applicationas claimed, but is merely representative of selected embodiments of theapplication.

The features, structures, or characteristics of the applicationdescribed throughout this specification may be combined in any suitablemanner in one or more embodiments. For example, the usage of the phrases“example embodiments”, “some embodiments”, or other similar language,throughout this specification refers to the fact that a particularfeature, structure, or characteristic described in connection with theembodiment may be included in at least one embodiment of the presentapplication. Thus, appearances of the phrases “example embodiments”, “insome embodiments”, “in other embodiments”, or other similar language,throughout this specification do not necessarily all refer to the samegroup of embodiments, and the described features, structures, orcharacteristics may be combined in any suitable manner in one or moreembodiments.

In addition, while the term “message” has been used in the descriptionof embodiments of the present application, the application may beapplied to many types of network data, such as, packet, frame, datagram,etc. For purposes of this application, the term “message” also includespacket, frame, datagram, and any equivalents thereof. Furthermore, whilecertain types of messages and signaling are depicted in exemplaryembodiments of the application, the application is not limited to acertain type of message, and the application is not limited to a certaintype of signaling.

Example embodiments provide call management of calls placed by a callorigination party to a call recipient party. Following the newrequirements identified by the Federal communication commission (FCC),such as those outlined in RFC 8226, additional authorization of incomingcalls is required to reduce the number of spoof calls. One approach isto require a new service provider code (SPC) which represents a uniqueidentifier for a network provider. Common identifier protocols mayinclude the operating company number (OCN) and the service provideridentifier (SPID), however, in the example embodiments in addition tothose identifiable service provider identifiers, an addition code, suchas the SPC may be cross-referenced to the network identifiers as anadded measure to ensure proper authorization. SPCs assigned to serviceproviders may be received and updated by recipient call networks(carriers) to ensure a telephone number matches a network identifier andthe network identifier matches the SPC, such an approach offers anotherlayer of authorization. The authentication agent could send the SPC inthe certificate so an encoded call payload could be verified by theagent on the receiving end of the call in real-time. For example, asecure telephone identity verification service (STI-VS) can verify acalling number for a given call to a service provider identifier whichcan be used to verify the SPC as identified from the certificateidentified from the call.

FIG. 1 illustrates an example network configuration of a call processingnetwork for calling and called parties according to example embodiments.Referring to FIG. 1 , the configuration 100 includes a service providernetwork 120 for the originating call source and a service providernetwork 130 for the call termination. In operation, the calling device128 may be an ‘A’ call party attempting to call a called device 138 ‘B’via a call messaging protocol, such as session initiation protocol(SIP), however, other call management protocols may be used to forwardand connect calls. As the calling device 128 initiates a call to thecalling device 128, the originating network (service provider 120) isissued a public and private key pair, which is placed in the secure keystore 122, and a corresponding public certificate placed in the assignedsecure telephone identity certificate repository (STI-CR) 112‘certificate repository’. The certificate has a location or identifies alocation of a telephone number (TN) authorization list populated withA's service provider's code (SPC). The certificate may be retrieved andprovided to the call data message via the certificate provisioningmodule 110

The secure telephone identity verification service (STI-VS) and SPCmapping module 132 has access to the telephone number assignments to theservice provider(s) using authoritative data. The STI-VS 132 alsocontains a mapping of all service provider network identifiers (SPIDs),or other official network identifiers, belonging to service provider 120and its assigned SPC value. The service provider's SPC and serviceprovider's IDs (SPIDs, OCN, etc.) do not change frequently, however, theTNs assigned to a service provider are constantly updating. Therefore,the STI-VS 132 requires access to continuous updates, and the data maybe stored locally on the STI-VS 132 for low latency real-time callprocessing. An additional element of this call authorization process isto have flexibility for a variety of unique service provider IDs to asingle “code” that represents the authenticating carrier.

Continuing with the same example, when a call is originated in theservice provider 120 of the calling device 128. For example, a salesman(‘A’ party) calling a potential customer (‘B’ party) in response to aprevious question, etc., the originating network authenticator 126 mayengage the secure telephone identity authorization service 124 (STI-AS)as part of a call setup configuration to sign the call using certificatecryptography techniques and the service provider A's private key. TheSTI-AS 124 forms a passport (i.e., RFC 8225) object and populates in theSIP INVITE message an identity header. The “INVITE” is the mechanism tobegin call setup in the IP network. The identity header contains thesigned-identity-digest containing a base64 encoding of the passport. Theidentity header in the outgoing SIP INVITE conveys the signature usedfor validating the asserted authority over the telephone number by theoriginator and the URI to retrieve the associated public key. With thosecredentials, parties can assert that they are in fact authorized to usethe TNs.

Once the modified SIP INVITE is created to include the identity header,the call is routed to service provider 130, which is the terminatingnetwork for delivery to the called device 138 (party ‘B’). The network130 engages the STI-VS 132 to validate the signature in the identityheader over the passport object. To perform the validation, the STI-VS132 identifies the uniform resource identifier (URI) found in the “info”parameter of the identity header to retrieve the service provider A'spublic certificate stored on the STI-CR 112. The STI-VS 132 may cachethe certificate locally to reduce the number of external STI-CR fetches.The STI-VS 132 retrieves the TN authorization list from the publiccertificate data along with the service provider code (SPC) value withinthe list. For example, if the SPC for service provider A 120 is 1234,the TN authorization list extension in the certificate is: a.1.3.6.1.5.5.7.1.26: I. 0 . . . 1234.

In addition to other verification operations, the STI-VS 132 willcalculate the network service provider identifier to which the callingnumber belongs using the value in the ‘from’ and/or P-asserted identityheaders and the telephone number assignment data. Once the networkidentifier is determined, the STI-VS 132 will use the network identifierto access the SPC in its mapping table. If the mapping matches, TNauthorization verification is successful and the network verifier 134may be instructed to connect the call without dropping or blocking thecall, if it does not match, TN authorization list verification with theSPC fails. This result is used as input into the overall verificationprocess. The third party industry data, such as network identifiers andcorresponding telephone numbers may be retrieved (in real-time) from adata repository 114 that is accessed on a per call basis.

As pre-requisite to verifying the call, the STI-VS 132 must have accessto the telephone number assignments to the service provider data 114using authoritative data which is portability-corrected whereapplicable. The STI-VS 132 retrieves/receives regular updates to this“TN Assignment” data and stores the information. All legitimatetelephone numbers owned by service providers are included. The STI-VS132 also has real-time access to the calling party (A-Party) telephonenumber for a given call by extracting it from the SIP INVITE message.

FIG. 2 illustrates the call network configuration with the carriernetworks identified according to example embodiments. Referring to FIG.2 , the configuration 200 demonstrates the carrier portion of thenetwork. For example, the calling and called parties may be managed bycarrier networks 210/220, however, the authorization portion of the callprocessing may be provided by a third party that supports the carriernetworks. In addition to SIP, the STI-VS and STI-AS may use HTTP RESTinstead of SIP, such as for verification/authorization.

FIG. 3 illustrates calling party number and network identifieridentification procedure according to example embodiments. Referring toFIG. 3 , the configuration 300 provides an example where the telephonenumber identified from the call data message is used to identify acalling party network identifier. In the SIP INVITE message, theorigination telephone number is identified 312 and used to identify theassigned network identifier 314. This is one form ofauthentication/authorization and/or verification that ensures thecalling number has a known network identifier. If the telephone numberis not matched to any network identifiers, then the telephone number maynot be authorized.

In operation, the STI-VS 132 extracts the A-Party telephone number (TN)from the from (or P-Asserted-Identity) header of the incoming SIPINVITE. The TN is 12145551235 312. The STI-VS 132 searches for the TN inits “TN Assignment” data. If the A-Party number is not found in thelist/table 302, the process stops at this point and TN authorizationlist check operation fails. If the A-Party number is found, the STI-VSnow has the network provider identifier code, such as an OCN or SPID.The number 12145551235 is the calling party number and is assigned tothe network represented by the identifier 1212, which becomes the uniqueidentify for the next step in TN authorization list verificationprocess.

FIG. 4 illustrates a network identifier and service provider codematching procedure according to example embodiments. Referring to FIG. 4, the configuration 400 provides that the STI-VS 132 retrieves a serviceprovider code (SPC) from the service provider A's public certificate. Inthis example, the certificate SPC is extracted from the authorizationlist 412 as ‘1111’. Continuing with the example from FIG. 3 , thecalling party number is ‘12145551235’, which is represented by networkidentifier 1212. In order to perform SPC verification, the STI-VS 132contains a mapping of all SPIDs, or other service provider networkidentifier, belonging to service provider ‘A’ to their chosen SPC valuesuch that a single SPC can be encoded and maintained in the publiccertificate, as illustrated in table 402. By having a custom SPC inaddition to telephone numbers, registered network identifiers and otherinformation, the mapping performed can provide a heightened degree ofauthorization to reduce spoof callers that do not have the propercredentials.

Continuing with the same example, the STI-VS 132 searches for thenetwork identifier in its network assignment to SPC mapping table data.In our example, 1234 is found in the SPC mapping table and correspondsto SPC assignment 1111. This could be numeric or any unique identifierthat is exchanged between carriers such that the procedure can determinewhat to expect from the authenticating agent. The STI-VS 132 now haseverything needed to complete the TN authorization list SPC verificationvia the mapping table 402. The A-Party TN is matched with a serviceprovider network ID (OCN/SPID) in a first table, which is matched with aSPC assignment value via a second table. If the network ID is notpresent and/or the SPC value is not in the table and/or the SPC in theauthorization list data extracted from the call data is not found in themapping table, the call me be dropped/blocked and/or the call may failverification. The next operation in the process is comparing the SPCvalue from the TN authorization list in the origination network'scertificate with the SPC assignment value found in the mapping table. Inthis example, the certificate SPC value is ‘1111’ and the SPC assignmentvalue is ‘1111’, and the value matches the network identifier of thetelephone number of the caller, and thus, the call will be placedthrough to the destination. If any of the necessary pieces ofinformation are missing or do not match, the verification is notsuccessful.

FIG. 5 illustrates a service provider code mismatch procedure accordingto example embodiments. Referring to FIG. 5 , in this example, theconfiguration 500 provides an example where the network identifier ismatched with the calling device telephone number, however, the mappingcode ‘2222’ extracted from the call data authorization list 512 is notpart of the mapping table 402. In this example, the network identifieris paired with a SPC assignment that is not the same as the SPCidentified from the certificate data, and thus the number is likelyspoofed or from an invalid/unregistered source, and thus the call willbe dropped.

FIG. 6 illustrates a network identifier mismatch procedure according toexample embodiments. Referring to FIG. 6 , in this example, the networkidentifier for the calling party is ‘5555’ and is found in theverification list table 302 but is not found in the SPC mapping table402, and so the verification process cannot be completed for the SPCidentified from the call data. In one example, all the components of theSPC mapping process are part of the STI-VS including the mappingcomponent 132 and the database elements 302/402. The mapping code ‘3333’extracted from the call data authorization list 612 is not part of themapping table 402.

FIG. 7 illustrates a system configuration of a call being placed andauthorized by a call network configuration with an authorization listverification according to example embodiments. Referring to FIG. 7 , thesystem configuration 700 includes an example of a call being originated732 by a user equipment ‘A’ (UE) 710. The originating networkauthenticator 712 will manage the call processing by including in thecall message a signed private certificate 734 used to provide callsecurity. The calling side will use a secure telephone numberverification agent service STI-AS 714 to create the call object and addidentity header data to the call message 736 via call data sources, suchas the certificate authority or other elements demonstrated in FIG. 1 .Also, the authenticator 712 and the STI-AS 714 may be considered thesame component for practical example purposes. The secure telephonenumber verification service 716 will receive and process the call datato perform various operations, such as validating the signature of theprivate key via a corresponding public key certificate 738, retrievingan authorization list and identifying a service provider code (SPC) 742,determining a network service provider identity 744 from the callingparty information, and comparing the network identifier to the serviceprovider code (SPC) 745. When a match is confirmed 746 the call may beauthorized 748 via the terminating network verified 718 and connected750 from the caller to the callee user equipment ‘B’ 720. Also, theverifier 718 and the STI-VS 716 may be considered the same component forpractical example purposes.

FIG. 8A illustrates a logic flow diagram of a call authorizationprocedure according to example embodiments. Referring to FIG. 8A, theprocess 800 may include receiving a call message associated with a call812 from a calling device. The method may also include determining aservice provider network identifier based on a telephone number of acall origination device 814, identifying, from the call message, an‘Identity’ header having a link to a public certificate repositorystoring a public certificate assigned to a service provider networkhosting the call origination device 816, retrieving a service providercode assigned to the service provider network from the publiccertificate 818, and determining whether the service provider codematches 822 the service provider network identifier as identified from averification list. The mapping may also include identifying a serviceprovider network from a calling party number that is received andcomparing the SPC assigned to that service provider network to the SPCin the certificate 818.

The process may also include, when the service provider code matches theservice provider network identifier as an entry in the verificationtable, authorizing the call to be completed. When the service providercode does not match the service provider network identifier as an entryin the authorization table, blocking the call. The call message may be asession initiation protocol (SIP) INVITE message and the telephonenumber of the call origination device is identified from the SIP INVITEmessage. The authorization list is stored in the public certificate, andthe process may also include retrieving a first table having callingparty assigned telephone numbers and corresponding service providernetwork identifiers, retrieving a second table comprising the serviceprovider network identifiers and corresponding service provider codes,and identifying, via the first table, the service provider networkidentifier of the calling number. The process may also includeidentifying, via the second table, the service provider networkidentifier has an entry that matches the service provider code.

FIG. 8B illustrates a logic flow diagram of a call verificationprocedure according to example embodiments. Referring to FIG. 8B, theprocess 850 may include extracting a calling device telephone numberfrom a receive call message 852, querying the verification list for thecalling device telephone number 854, and identifying the calling devicetelephone number and a corresponding service provider network identifierfrom the authorization list 856. Also, the calling telephone number maybe identified from the network messaging and the STI-VS will thencompare the telephone number to a telephone number in the “Identity”header. The process may also include querying a mapping table for theservice provider network identifier 858, and identifying whether a matchbetween the service provider network identifier and a service providercode exists as an entry in the mapping table 862. The process may alsoinclude retrieving the service provider code from a public certificateassigned to the calling device. The SPC is extracted from the publiccertificate. The calling device telephone number is extracted from anidentity header of the call message and the message is an incomingsession initiation protocol (SIP) INVITE message, and when there is amatch between the service provider network identifier and the serviceprovider code in the mapping table, the process include authorizing acall associated with the call message, when there is not a match betweenthe service provider network identifier and the service provider code inthe mapping table, the process may provide blocking a call associatedwith the call message or just not verifying the call which could lead toother results. The process also includes determining the serviceprovider network identifier does not exist in the mapping table, andblocking or not verifying a call associated with the call message.

The operations of a method or algorithm described in connection with theembodiments disclosed herein may be embodied directly in hardware, in acomputer program executed by a processor, or in a combination of thetwo. A computer program may be embodied on a computer readable medium,such as a storage medium. For example, a computer program may reside inrandom access memory (“RAM”), flash memory, read-only memory (“ROM”),erasable programmable read-only memory (“EPROM”), electrically erasableprogrammable read-only memory (“EEPROM”), registers, hard disk, aremovable disk, a compact disk read-only memory (“CD-ROM”), or any otherform of storage medium known in the art.

FIG. 9 illustrates an example network entity device configured to storeinstructions, software, and corresponding hardware for executing thesame, according to example embodiments of the present application. FIG.9 is not intended to suggest any limitation as to the scope of use orfunctionality of embodiments of the application described herein.Regardless, the computing node 900 is capable of being implementedand/or performing any of the functionality set forth hereinabove.

In computing node 900 there is a computer system/server 902, which isoperational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 902 include, but are notlimited to, personal computer systems, server computer systems, thinclients, rich clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed cloud computing environments thatinclude any of the above systems or devices, and the like.

Computer system/server 902 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 902 may be practiced in distributed cloudcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed cloud computing environment, program modules may be locatedin both local and remote computer system storage media including memorystorage devices.

As shown in FIG. 9 , computer system/server 902 in cloud computing node900 is shown in the form of a general-purpose computing device. Thecomponents of computer system/server 902 may include, but are notlimited to, one or more processors or processing units 904, a systemmemory 906, and a bus that couples various system components includingsystem memory 906 to processor 904.

The bus represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingany of a variety of bus architectures. By way of example, and notlimitation, such architectures include Industry Standard Architecture(ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA)bus, Video Electronics Standards Association (VESA) local bus, andPeripheral Component Interconnects (PCI) bus.

Computer system/server 902 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 902, and it includes both volatileand non-volatile media, removable and non-removable media. System memory906, in one embodiment, implements the flow diagrams of the otherfigures. The system memory 906 can include computer system readablemedia in the form of volatile memory, such as random-access memory (RAM)910 and/or cache memory 912. Computer system/server 902 may furtherinclude other removable/non-removable, volatile/non-volatile computersystem storage media. By way of example only, storage system 914 can beprovided for reading from and writing to a non-removable, non-volatilemagnetic media (not shown and typically called a “hard drive”). Althoughnot shown, a magnetic disk drive for reading from and writing to aremovable, non-volatile magnetic disk (e.g., a “floppy disk”), and anoptical disk drive for reading from or writing to a removable,non-volatile optical disk such as a CD-ROM, DVD-ROM or other opticalmedia can be provided. In such instances, each can be connected to thebus by one or more data media interfaces. As will be further depictedand described below, memory 906 may include at least one program producthaving a set (e.g., at least one) of program modules that are configuredto carry out the functions of various embodiments of the application.

Program/utility 916, having a set (at least one) of program modules 918,may be stored in memory 906 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 918 generally carry out the functionsand/or methodologies of various embodiments of the application asdescribed herein.

As will be appreciated by one skilled in the art, aspects of the presentapplication may be embodied as a system, method, or computer programproduct. Accordingly, aspects of the present application may take theform of an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present application may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Computer system/server 902 may also communicate with one or moreexternal devices 920 such as a keyboard, a pointing device, a display922, etc.; one or more devices that enable a user to interact withcomputer system/server 902; and/or any devices (e.g., network card,modem, etc.) that enable computer system/server 902 to communicate withone or more other computing devices. Such communication can occur viaI/O interfaces 924. Still yet, computer system/server 902 cancommunicate with one or more networks such as a local area network(LAN), a general wide area network (WAN), and/or a public network (e.g.,the Internet) via network adapter 926. As depicted, network adapter 926communicates with the other components of computer system/server 902 viaa bus. It should be understood that although not shown, other hardwareand/or software components could be used in conjunction with computersystem/server 902. Examples include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

Although an exemplary embodiment of at least one of a system, method,and non-transitory computer readable medium has been illustrated in theaccompanied drawings and described in the foregoing detaileddescription, it will be understood that the application is not limitedto the embodiments disclosed, but is capable of numerous rearrangements,modifications, and substitutions as set forth and defined by thefollowing claims. For example, the capabilities of the system of thevarious figures can be performed by one or more of the modules orcomponents described herein or in a distributed architecture and mayinclude a transmitter, receiver or pair of both. For example, all orpart of the functionality performed by the individual modules, may beperformed by one or more of these modules. Further, the functionalitydescribed herein may be performed at various times and in relation tovarious events, internal or external to the modules or components. Also,the information sent between various modules can be sent between themodules via at least one of: a data network, the Internet, a voicenetwork, an Internet Protocol network, a wireless device, a wired deviceand/or via plurality of protocols. Also, the messages sent or receivedby any of the modules may be sent or received directly and/or via one ormore of the other modules.

One skilled in the art will appreciate that a “system” could be embodiedas a personal computer, a server, a console, a personal digitalassistant (PDA), a cell phone, a tablet computing device, a smartphoneor any other suitable computing device, or combination of devices.Presenting the above-described functions as being performed by a“system” is not intended to limit the scope of the present applicationin any way but is intended to provide one example of many embodiments.Indeed, methods, systems and apparatuses disclosed herein may beimplemented in localized and distributed forms consistent with computingtechnology.

It should be noted that some of the system features described in thisspecification have been presented as modules, in order to moreparticularly emphasize their implementation independence. For example, amodule may be implemented as a hardware circuit comprising custom verylarge-scale integration (VLSI) circuits or gate arrays, off-the-shelfsemiconductors such as logic chips, transistors, or other discretecomponents. A module may also be implemented in programmable hardwaredevices such as field programmable gate arrays, programmable arraylogic, programmable logic devices, graphics processing units, or thelike.

A module may also be at least partially implemented in software forexecution by various types of processors. An identified unit ofexecutable code may, for instance, comprise one or more physical orlogical blocks of computer instructions that may, for instance, beorganized as an object, procedure, or function. Nevertheless, theexecutables of an identified module need not be physically locatedtogether but may comprise disparate instructions stored in differentlocations which, when joined logically together, comprise the module andachieve the stated purpose for the module. Further, modules may bestored on a computer-readable medium, which may be, for instance, a harddisk drive, flash device, random access memory (RAM), tape, or any othersuch medium used to store data.

Indeed, a module of executable code could be a single instruction, ormany instructions, and may even be distributed over several differentcode segments, among different programs, and across several memorydevices. Similarly, operational data may be identified and illustratedherein within modules and may be embodied in any suitable form andorganized within any suitable type of data structure. The operationaldata may be collected as a single data set or may be distributed overdifferent locations including over different storage devices, and mayexist, at least partially, merely as electronic signals on a system ornetwork.

It will be readily understood that the components of the application, asgenerally described and illustrated in the figures herein, may bearranged and designed in a wide variety of different configurations.Thus, the detailed description of the embodiments is not intended tolimit the scope of the application as claimed but is merelyrepresentative of selected embodiments of the application.

One having ordinary skill in the art will readily understand that theabove may be practiced with steps in a different order, and/or withhardware elements in configurations that are different than those whichare disclosed. Therefore, although the application has been describedbased upon these preferred embodiments, it would be apparent to those ofskill in the art that certain modifications, variations, and alternativeconstructions would be apparent.

While preferred embodiments of the present application have beendescribed, it is to be understood that the embodiments described areillustrative only and the scope of the application is to be definedsolely by the appended claims when considered with a full range ofequivalents and modifications (e.g., protocols, hardware devices,software platforms etc.) thereto.

What is claimed is:
 1. A method comprising: retrieving, via a call termination service provider, a public certificate issued by the call origination provider responsive to a call being placed, to a secure telephone identity certificate repository (STI-CR) accessible by the termination service provider, wherein the public certificate identifies a storage location of a telephone number authorization list comprising corresponding service provider codes associated with a call origination device; determining a service provider network identifier identifies a service provider network supporting the call origination device, based on a calling number of the call origination device; retrieving, via the call termination service provider, a telephone number authorization list and the service provider codes from a public certificate assigned to the service provider network based on a link identifying a public certificate repository and a public key stored in an identity header of a call message; determining, via the call termination service provider, whether the service provider code matches the service provider network identifier; and blocking or verifying the call based on the match determination; wherein a verification service is processed by a Secure Telephone Identity Verification Service (STI-VS) which requires continuous updates of the telephone number authorization list.
 2. The method of claim 1, comprising: when the service provider code matches the service provider network identifier as an entry in a table, verifying the call to be completed.
 3. The method of claim 1, comprising: when the service provider code does not match the service provider network identifier as an entry in a table, blocking the call.
 4. The method of claim 1, wherein the call message is a session initiation protocol (SIP) INVITE message and the calling number of the call origination device is identified from the SIP INVITE message.
 5. The method of claim 1, comprising a table, comprising service provider network identifiers and the corresponding service provider codes, is stored in the public certificate.
 6. The method of claim 1, comprising: identifying the service provider network identifier assigned to the calling number of the call origination device.
 7. The method of claim 6, comprising: identifying, via a table, the service provider network identifier has an entry that matches the service provider code.
 8. An apparatus comprising: a processor configured to retrieve a public certificate issued by a call origination provider responsive to a call being placed, to a secure telephone identity certificate repository (STI-CR) accessible by the termination service provider, wherein the public certificate identifies a storage location of a telephone number authorization list comprising service provider codes associated with a call origination device; determine a service provider network identifier identifies a service provider network that supports the call origination device, based on a calling number of the call origination device; retrieve a telephone number authorization list and the service provider codes from a public certificate assigned to the service provider network based on a link that identifies a public certificate repository and a public key stored in an identity header of a call message; determine whether the service provider code matches the service provider network identifier; and block or verify the call based on the match determination; wherein a verification service is processed by a Secure Telephone Identity Verification Service (STI-VS) which requires continuous updates of the telephone number authorization list.
 9. The apparatus of claim 8, wherein when the service provider code matches the service provider network identifier as an entry in a table, verify the call to be completed.
 10. The apparatus of claim 8, wherein when the service provider code does not match the service provider network identifier as an entry in a table, block the call.
 11. The apparatus of claim 8, wherein the call message is a session initiation protocol (SIP) INVITE message and the calling number of the call origination device is identified from the SIP INVITE message.
 12. The apparatus of claim 8, comprising a table, comprising service provider network identifiers and the service provider codes that correspond, is stored in the public certificate.
 13. The apparatus of claim 8, comprising: identify the service provider network identifier assigned to the calling number of the call origination device.
 14. The apparatus of claim 13, comprising: identify the service provider network identifier has an entry that matches the service provider code.
 15. A non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform: retrieving, via a call termination service provider, a public certificate issued by the call origination provider responsive to a call being placed, to a secure telephone identity certificate repository (STI-CR) accessible by the termination service provider, wherein the public certificate identifies a storage location of a telephone number authorization list comprising corresponding service provider codes associated with a call origination device; determining a service provider network identifier identifies a service provider network supporting the call origination device, based on a calling number of the call origination device; retrieving, via the call termination service provider, a telephone number authorization list and the service provider codes from a public certificate assigned to the service provider network based on a link identifying a public certificate repository and a public key stored in an identity header of a call message; determining, via the call termination service provider, whether the service provider code matches the service provider network identifier; and blocking or verifying the call based on the match determination; wherein a verification service is processed by a Secure Telephone Identity Verification Service (STI-VS) which requires continuous updates of the telephone number authorization list.
 16. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: when the service provider code matches the service provider network identifier as an entry in a table, verifying the call to be completed.
 17. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: when the service provider code does not match the service provider network identifier as an entry in a table, blocking the call.
 18. The non-transitory computer readable storage medium of claim 15, wherein the call message is a session initiation protocol (SIP) INVITE message and the calling number of the call origination device is identified from the SIP INVITE message.
 19. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: identifying the service provider network identifier assigned to the calling number of the call origination device.
 20. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: identifying, via a table, the service provider network identifier has an entry that matches the service provider code. 